But as Auger and other researchers demonstrated at Black Hat, we’re about to see a new threat to free expression. Massive groups of people will be punished not for what they say online but for using particular tools to say it. Auger investigated several popular RSS readers — programs used to pull blog content onto your computer — including Bloglines, RSS Reader, Feed Demon, and Sharp Reader, and discovered that many of them could be turned into delivery systems for malicious code designed to force computers to, for example, post spam on other people’s blogs.
Known generally as “cross-site scripting” and “cross-site request forgery,” these attacks work by covertly moving data from one location to another. And it could get worse than spamming. As Auger pointed out, everything you type into your banking Web site could get reposted elsewhere, thus allowing the bad guys to read your passwords and have fun with your money.
What is RSS? Veronica Combs, a professional Content Manager, explains (embedded video) the basics of RSS (Really Simple Syndication), why it’s useful, and how to get started using it to manage and read your favorite web content.